DDoS attacks are on the rise! “DDoS attacks have increased overall in the past 2 years, although the number of attacks between 2017 to 2018 and from 2018 to 2019 (to date) show some interesting trends. DDoS attacks increased 200 percent in Q1 2019 compared to the same time period in 2018. The number of DDoS attacks over 100 GB/s in volume increased 967 percent in Q1 2019,” according to Comparitech.
So this brings us to the question: how can you defend against DDoS attacks? There are various techniques to protect your systems from DDoS attacks. But first and foremost, let’s get to know the biggest DDoS attacks of this century.
What is Distributed Denial-of-Service?
A Denial-of-Service (DoS) attack is a cyberattack that disrupts the services of a computer or other network resources connected to the Internet, making it unavailable to its intended users for a temporary or indefinite amount of time.
A DoS attack is usually achieved by flooding the targeted computer or resource with surplus requests, with the goal of overloading the system so that some or all requests from its intended users go unserved; hence the name Denial of Service.
A Distributed Denial-of-Service (DDoS) attack is an advanced form of the Denial-of-Service (DoS) attack in which the flood of superfluous requests originates from many different sources. Since the requests come from so many sources, it is almost impossible to filter the malicious requests out and block them while still serving the legitimate ones.
How do Botnets assist in DDoS Attacks?
A botnet is a group of compromised devices connected to the Internet, each running one or more bots. The devices in a botnet are compromised and controlled by an attacker to carry out the attacker’s plans. A botnet may be used to launch Denial-of-Service attacks, send spam, steal data, and do a lot more.
Since a botnet is a collection of devices, which may be geographically distributed as well, it is well suited to launching Distributed Denial-of-Service attacks. The devices in the botnet flood the target computer or resource with malicious, unneeded traffic, causing the target system to overload or crash, thus denying further service.
Worst DDoS Attacks of this Century
Let’s discuss the biggest or worst DDoS attacks, understand their methods and consequences, and learn from the mistakes that led to those DDoS attacks.
GitHub [2018]
The most popular developer platform — GitHub, now acquired by Microsoft — was hit by a Distributed Denial-of-Service (DDoS) attack on 28th February 2018. Fortunately, GitHub had already opted for a DDoS protection service, which was able to detect and mitigate the attack within 10-20 minutes.
“GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off,” according to WIRED.
The DDoS attack was powerful enough to disrupt GitHub. “The first portion of the attack against the developer platform peaked at 1.35Tbps, and there was a second 400Gbps spike later. This would make it the biggest DDoS attack recorded so far. Until now, the biggest clocked in at around 1.1Tbps,” reported ZDNet.
What was different in this attack? No botnet was involved, even though botnets are the usual way of launching a DDoS attack. Instead, it was executed using memcached, a popular database caching system. The attackers flooded publicly exposed memcached servers with falsified (spoofed) requests so that the servers’ far larger responses were sent to GitHub, amplifying the attack by up to 50,000x.
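The memcached technique described above is visible at the victim’s network edge as UDP flows arriving from source port 11211 in unusually large packets. The following is an added example written for this article (it is not code from GitHub, Akamai or the memcached project) that runs that detection logic over constructed NetFlow-style records; the port number is memcached’s real default, while the two thresholds are assumptions for the example.

```python
"""Detect reflected memcached amplification traffic in flow records.

Added example for this article; it is not code from GitHub, Akamai or
the memcached project. Input is a list of constructed NetFlow-style
records, one per unidirectional flow. Memcached's default port, 11211,
is real; the two thresholds below are assumptions for the example.
"""
from collections import defaultdict
from dataclasses import dataclass

MEMCACHED_PORT = 11211            # real default memcached port
LARGE_PACKET_BYTES = 1000         # assumption: mean packet size that marks an amplified reply
VOLUME_THRESHOLD_BYTES = 100_000  # assumption: per-victim byte count that raises an alert


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    octets: int


def is_amplified_reflection(flow: Flow) -> bool:
    """Reflected memcached replies arrive over UDP *from* port 11211 in large packets."""
    if flow.proto != "udp" or flow.src_port != MEMCACHED_PORT or flow.packets == 0:
        return False
    return flow.octets / flow.packets >= LARGE_PACKET_BYTES


def summarise_reflection(flows):
    """Return {victim_ip: (suspicious_bytes, sorted list of reflector IPs)}."""
    volume = defaultdict(int)
    reflectors = defaultdict(set)
    for flow in flows:
        if is_amplified_reflection(flow):
            volume[flow.dst_ip] += flow.octets
            reflectors[flow.dst_ip].add(flow.src_ip)
    return {ip: (volume[ip], sorted(reflectors[ip])) for ip in volume}


def alerts(flows):
    """Victim IPs whose reflected volume crosses the alert threshold."""
    summary = summarise_reflection(flows)
    return sorted(ip for ip, (vol, _) in summary.items() if vol >= VOLUME_THRESHOLD_BYTES)


# Constructed sample: RFC 5737 documentation addresses, not real hosts.
SAMPLE_FLOWS = [
    Flow("192.0.2.1", 11211, "203.0.113.10", 4321, "udp", 60, 84_000),     # reflected, 1400 B/pkt
    Flow("192.0.2.2", 11211, "203.0.113.10", 4321, "udp", 30, 42_000),     # reflected
    Flow("198.51.100.7", 11211, "203.0.113.10", 4321, "udp", 10, 14_000),  # reflected
    Flow("198.51.100.53", 53, "203.0.113.10", 51000, "udp", 2, 300),       # ordinary DNS reply
    Flow("203.0.113.10", 40000, "192.0.2.9", 11211, "udp", 5, 300),        # own client query, src port not 11211
    Flow("192.0.2.9", 11211, "203.0.113.20", 53000, "udp", 1, 200),        # small reply, below size cut-off
    Flow("198.51.100.7", 11211, "203.0.113.20", 53000, "udp", 3, 4_500),   # reflected but low volume
]

if __name__ == "__main__":
    for victim, (vol, sources) in summarise_reflection(SAMPLE_FLOWS).items():
        print(f"{victim}: {vol} bytes from {len(sources)} reflector(s)")
    print("alerts:", alerts(SAMPLE_FLOWS))
```

The per-packet size check matters: a legitimate memcached reply to a client on your own network is small, whereas an amplified reply is near the MTU, so size rather than port alone separates the two. The same shape of rule (UDP, well-known source port, large packets, many distinct sources converging on one destination) applies to other reflection protocols once the port constant is changed.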
Dyn [2016]
The second most powerful DDoS attack was launched against Dyn — a web performance and security company — in October 2016. Because Dyn is a DNS provider, it was a more devastating attack than the one on GitHub, disrupting popular services such as AirBnB, GitHub, Netflix, PayPal, Reddit, and Twitter.
It was executed using Mirai — a botnet malware that targets and compromises Internet of Things (IoT) devices like cameras, printers, televisions, etc. These compromised devices were then used to launch the DDoS attack on Dyn.
Fortunately, Dyn recovered from the attack within one day, although that is a lot longer than the time GitHub needed, which is why Dyn incurred millions of dollars in losses. “Damage from the attack is reputed to have cost $110 million and despite the attack being contained within one day, in the immediate aftermath of the attack, over 14,500 domains dropped Dyn’s services,” according to MetaCompliance.
BBC [2015]
The BBC (British Broadcasting Corporation) — the well-known media company — was attacked on 1st January 2015. Although neither the magnitude of the attack nor the attacker’s identity was ever confirmed, it is mostly reported to have peaked at 600Gbps. Since the attack on Dyn topped at 1.1Tbps and that on GitHub topped at 1.35Tbps, the attack on the BBC was the third-worst attack in the history of DDoS attacks.
“At the time this attack took place it was the largest one recorded (if indeed it reached that scale), taking nearly two weeks to completely recover from the incident. The entire BBC domain was taken down, including their on-demand television and radio player, for a total of three hours’ worth of attack, plus experiencing residual issues for the rest of the morning,” per Sucuri Blog.
How to Defend against DDoS Attacks?
Since you now know about the worst DDoS attacks and the damages incurred to their target services, let’s learn the techniques to defend against DDoS attacks.
Secure your Infrastructure
You must opt for a multi-level protection plan to protect your network. The plan may include intrusion prevention systems and threat management systems along with content filters, firewalls, and load balancers. Then, you must keep your systems updated, since outdated systems usually carry known vulnerabilities.
Opt for Cloud/Scalable Host
You should plan for scale from the start by choosing a cloud-based, or at least scalable, hosting provider. The whole idea behind a DDoS attack is to flood your systems with unneeded requests until their resources run out; if your systems are built to scale, such attacks will most likely fail. In addition, some cloud services can detect unneeded traffic and prevent it from reaching your app or website.
Deploy a Specialized Firewall
You must opt for a Web Application Firewall (WAF) — a specialized firewall built to analyze the incoming traffic to your app or website. It can detect and block malicious traffic before it reaches your systems, thus protecting them against DDoS attacks. It also lets you create custom rules, so that after studying your traffic patterns you can implement custom mitigations against any bad traffic.
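To make the idea of a custom rule concrete, here is an added example written for this article (it is not any WAF vendor’s rule language or code) of the simplest such rule: a per-client sliding-window rate limit replayed over constructed access-log lines in Common Log Format. The window length and request limit are assumptions; a real deployment tunes them to the traffic pattern studied beforehand.

```python
"""Prototype of a custom rate-limiting rule of the kind a WAF lets you write.

Added example for this article; it is not a real WAF's rule language or
code. It parses constructed access-log lines in Common Log Format, keeps
a sliding window of request timestamps per client IP, and reports
clients that exceed MAX_REQUESTS within WINDOW_SECONDS. Both thresholds
are assumptions; tune them to the traffic pattern you have studied.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 10   # assumption: window length in seconds
MAX_REQUESTS = 5      # assumption: requests allowed per client per window

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (client_ip, timestamp, path) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")


class SlidingWindowLimiter:
    """Allows at most `limit` requests per client in any `window_seconds` span."""

    def __init__(self, window_seconds=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window = window_seconds
        self.limit = limit
        self.hits = defaultdict(deque)  # client ip -> timestamps still inside the window

    def allow(self, client, ts):
        q = self.hits[client]
        while q and (ts - q[0]).total_seconds() >= self.window:
            q.popleft()                 # drop requests that have aged out of the window
        q.append(ts)
        return len(q) <= self.limit


def evaluate(lines):
    """Replay log lines through the limiter; return {client_ip: requests that would be blocked}."""
    limiter = SlidingWindowLimiter()
    blocked = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                    # malformed line: skip rather than crash the rule
        client, ts, _path = parsed
        if not limiter.allow(client, ts):
            blocked[client] += 1
    return dict(blocked)


# Constructed sample log (RFC 5737 documentation addresses), in arrival order.
SAMPLE_LOG = [
    '198.51.100.23 - - [28/Feb/2018:17:21:00 +0000] "GET /login HTTP/1.1" 200 512',
    '192.0.2.5 - - [28/Feb/2018:17:21:01 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.23 - - [28/Feb/2018:17:21:01 +0000] "GET /login HTTP/1.1" 200 512',
    '198.51.100.23 - - [28/Feb/2018:17:21:02 +0000] "GET /login HTTP/1.1" 200 512',
    '198.51.100.23 - - [28/Feb/2018:17:21:03 +0000] "GET /login HTTP/1.1" 200 512',
    '198.51.100.23 - - [28/Feb/2018:17:21:04 +0000] "GET /login HTTP/1.1" 200 512',
    '192.0.2.5 - - [28/Feb/2018:17:21:05 +0000] "GET /about HTTP/1.1" 200 1024',
    '198.51.100.23 - - [28/Feb/2018:17:21:05 +0000] "GET /login HTTP/1.1" 200 512',
    'this line is deliberately malformed',
    '198.51.100.23 - - [28/Feb/2018:17:21:06 +0000] "GET /login HTTP/1.1" 200 512',
    '198.51.100.23 - - [28/Feb/2018:17:21:07 +0000] "GET /login HTTP/1.1" 200 512',
    '192.0.2.5 - - [28/Feb/2018:17:21:09 +0000] "GET /contact HTTP/1.1" 200 768',
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG))
```

Keying the window on the client IP alone is a deliberate simplification: traffic from a large botnet or from behind a shared NAT can defeat or be hurt by it, which is why the article recommends studying the traffic pattern first, and why a production rule usually combines several signals (path, method, response code, geography) rather than a single counter.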
That’s all about the worst DDoS attacks and how you can fight against future attacks on your app or website. Did you find it helpful? Write a comment below.